Helaas is de inhoud van deze pagina niet beschikbaar in de taal van uw keuze.

Ga naar hoofdinhoud
Home Secure boot

Secure boot

(also trusted boot, UEFI secure boot)

Secure boot definition

Secure boot is a security feature implemented in the Unified Extensible Firmware Interface (UEFI) that ensures the integrity of a computer's boot process. It prevents unauthorized or malicious software from running during startup by checking the digital signature of each component, such as the bootloader and operating system kernel, against a database of trusted keys. If any component fails the signature verification, the system will not boot.

See also: BIOS rootkit, cold boot

Secure boot examples

  • Windows operating systems: Secure boot is enabled by default on devices with Windows 8 or later, providing an added layer of protection against rootkits and other low-level malware.
  • Linux operating systems: Many Linux distributions, such as Fedora and Ubuntu, also support secure boot with appropriately signed bootloaders and kernel components.

Secure boot vs. other boot protection methods

  • Secure boot vs. measured boot: While secure boot checks digital signatures to ensure the authenticity of boot components, measured boot records the measurements of these components in a Trusted Platform Module (TPM) to provide a trusted log for remote attestation.
  • Secure boot vs. hardware root of trust: Secure boot relies on firmware-based checks and digital signatures, whereas the hardware root of trust uses a dedicated hardware component to establish trust in a computing device.

Pros and cons of secure boot

Pros:

  • Provides protection against low-level malware and rootkits.
  • Ensures that only authorized software components are executed during the boot process.

Cons:

  • May restrict user freedom by preventing the installation of alternative operating systems or unsigned drivers.
  • Can be vulnerable to attacks that exploit vulnerabilities in the firmware itself.

Tips for secure boot usage

  • Keep your device's firmware and operating system up to date to minimize vulnerabilities.
  • Ensure that secure boot is enabled in your device's UEFI settings.
  • If using a non-Windows operating system, verify that your distribution supports secure boot and follow the recommended installation process.